6

So, I'm completely new to hosting and Linux and all, so please forgive me if I'm saying things that are wrong. I'm still learning :)

I'm working a small personal website created using Django. I wanted to get it online to see if everything would work. I got a cheap server from linode and using a guide from Digital-Ocean (the irony) I got everything working. I was happy.

But... There's one major problem and I've read half the internet and can't find any similar problems: when the post request is larger than ~4MB (uploading images etc.) the files are being saved with the wrong permissions.

When the request size is smaller than about 4MB, everything works without a single problem. When the request size is bigger, everything gets uploaded and saved to the server without a single problem, but from there on I can't access the files from the browser anymore and the site keeps throwing 403 forbidden on those files. That's because the files are suddenly saved with wrong permissions or something like that.

Permissions of a forbidden file: -rw------- 1 [user] root 7900880 May 12 08:24 filename1.pdf

Permissions of a working file: -rw-r--r-- 1 [user] root 207420 May 11 19:36 filename2.jpg

I'm not sure if even the working file is completely correct, since it doesn't need root I think.

I'm getting tired of this problem. It sounds so illogical; what has filesize to do with permissions!? And the fact that I lack any experience with this doesn't make solving it any easier. If anyone here has the golden tip, I'd be so thankful :)

I'm using Nginx and uWSGI on Ubuntu 17.04 together with a Django 1.11 application.

Landcross
  • 472
  • 7
  • 16
  • 2
    That is almost certainly an issue with your Django app, as the file would be saved by Python/Django, not by nginx. – Sven May 12 '17 at 08:09
  • Hmm, I haven't thought about it that way, stupid me. When working on a problem for too long, you're just starting to get blind. I'll take a look at it, thanks :) – Landcross May 12 '17 at 08:21
  • 2
    It can be caused by different buffering for larger files, e.g. small files are buffered in the memory and saved directly into the place and large files are buffered into a temporary file first, with more strict permissions and then moved into the place without updating their permissions – AlexD May 12 '17 at 08:42
  • Any idea how I could know/check if that is happening and if that is the problem? – Landcross May 12 '17 at 10:36

1 Answers1

8

After struggling with this issue myself I figured it out. AlexD's theory of large files being handled differently is correct.

From Django's documentation:

FILE_UPLOAD_PERMISSIONS

Default: None

The numeric mode (i.e. 0o644) to set newly uploaded files to. For more information about what these modes mean, see the documentation for os.chmod().

If this isn’t given or is None, you’ll get operating-system dependent behavior. On most platforms, temporary files will have a mode of 0o600, and files saved from memory will be saved using the system’s standard umask.

So in summary: larger files are stored using temporary files, which will get 0o600 permissions by default. The problem can easily be fixed by setting a value to FILE_UPLOAD_PERMISSIONS.

https://docs.djangoproject.com/en/1.11/ref/settings/#file-upload-permissions

Zathras
  • 405
  • 4
  • 7